Redundant pseudowires between Ethernet access domains

ABSTRACT

A computer network includes first and second Ethernet access domain networks, each of Ethernet access domain networks including a user-facing provider edge (u-PE) device, and a stack group of network-facing provider edge (n-PE) devices coupled with the u-PE device, the n-PE devices running a bidding protocol to select one of the n-PE devices as a primary n-PE device for a single pseudowire connection path between the first and second Ethernet access domain networks. It is emphasized that this abstract is provided to comply with the rules requiring an abstract that will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. 37 CFR 1.72(b).

RELATED APPLICATIONS

The present application is related to co-pending application Ser. No.10/925,743 filed Aug. 25, 2004, and Ser. No. 10/857,716 filed May 28,2004, both of which are assigned to the assignee of the presentapplication.

FIELD OF THE INVENTION

The present invention relates generally to digital computer networktechnology; more particularly, to methods and apparatus for providingredundancy mechanisms for network connections.

BACKGROUND OF THE INVENTION

The performance of many applications benefit from being implemented overservice provider networks that support multipoint network services. Amultipoint network service is one that allows each customer edge (CE)end point or node to communicate directly and independently with allother CE nodes. Ethernet switched campus networks are an example of amultipoint service architecture. The multipoint network servicecontrasts with more traditional point-to-point services, such ashub-and-spoke network services, where the end customer designates one CEnode to the hub that multiplexes multiple point-to-point services over asingle User-Network Interface (UNI) to reach multiple “spoke” CE nodes.In a hub-and-spoke network architecture, each spoke can reach any otherspoke only by communicating through the hub. Traditional network serviceoffering to the end customers via wide area networks (WANs) such asFrame Relay (FR) and asynchronous transfer mode (ATM) networks are basedon a hub-and-spoke service architecture.

Virtual Private Network (VPN) services provide secure networkconnections between different locations. A company, for example, can usea VPN to provide secure connections between geographically dispersedsites that need to access the corporate network. There are three typesof VPN that are classified by the network layer used to establish theconnection between the customer and provider network. Layer 1 VPNs aresimple point-to-point protocol (PPP) connections such as leased lines,ISDN links, and dial-up connections. In a Layer 2 VPN (L2VPN) theprovider delivers Layer 2 circuits to the customer (one for each site)and provides switching of the customer data. Customers map their Layer 3routing to the circuit mesh, with customer routes being transparent tothe provider. Many traditional L2VPNs are based on Frame Relay or ATMpacket technologies. In a Layer 3 VPN (L3VPN) the provider routerparticipates in the customer's Layer 3 routing. That is, the CE routerspeer only with attached PEs, advertise their routes to the provider, andthe provider router manages the VPN-specific routing tables, as well asdistributing routes to remote sites. In a Layer 3 Internet Protocol (IP)VPN, customer sites are connected via IP routers that can communicateprivately over a shared backbone as if they are using their own privatenetwork. Multi-protocol label switching (MPLS) Border Gateway Protocol(BGP) networks are one type of L3VPN solution. An example of an IP-basedVirtual Private Network is disclosed in U.S. Pat. No. 6,693,878. U.S.Pat. No. 6,665,273 describes a MPLS system with a network device fortraffic engineering.

Virtual Private LAN Service (VPLS) is an emerging technology thataddresses the need for Layer 2 multipoint VPN that connects multiplesites within a specific metropolitan geographic area. VPLS is anarchitecture that delivers a Layer 2 multipoint VPN service that in allrespects emulates an Ethernet LAN across a wide metropolitan geographicarea. All services in a VPLS appear to be on the same LAN, regardless oflocation. In other words, with VPLS, customers can communicate as ifthey were connected via a private Ethernet segment, i.e., multipointEthernet LAN services. VPLS thus supports the connection of multiplesites in a single bridged domain over a managed IP/MPLS network.

In typical VPLS architecture with an IP/MPLS service provider (SP)network core, the CE devices are connected to the service providernetwork via a PE device. (The connection between a CE-PE pair of devicesis commonly referred to as a UNI.) Each PE-CE pair is shown connected byan Attachment Circuit (AC). An AC is the customer connection to aservice provider network; that is, the connection between a CE and itsassociated PE. An AC may be a point-to-point connection on a physicalinterface, a PPP session from an L2TP tunnel, an MPLS Label SwitchedPath (LSP), or a virtual port, and may be any transport technology,i.e., Frame Relay, ATM, a VLAN, etc. In the context of a VPLS, an AC istypically an Ethernet port, in which Ethernet serves as the framingtechnology between the CE device and the PE router. CE devices can alsobe connected through several edge domains, also known as access domains,which are interconnected using an MPLS core network. Such access domainscan be built using Ethernet switches and techniques such as VLAN tagstacking (so-called “QinQ” encapsulation). By way of example, each PEdevice in an access domain typically includes a Virtual Switch Instance(VSI) that emulates an Ethernet bridge (i.e., switch) function in termsof MAC address learning and forwarding in order to facilitate theprovision of a multi-point L2VPN. In such networks, pseudowires (PWs)are commonly utilized to connect pairs of VSIs associated with differentaccess domains.

A PW is a virtual connection between two PE devices which connect twoACs. Conceptually in context of the VPLS service, a PW can be thought ofas point-to-point virtual link for each offered service between a pairof VSIs. Therefore, if each VSI can be thought of as a virtual Ethernetswitch for a given customer service instance, then each PW can bethought of as a virtual link connecting these virtual switches over aPacket Switched Network (PSN) to each other for that service instance.During setup of a PW, the two connecting PE devices exchange informationabout the service to be emulated in order to be able to properly processpackets received from the other end in the future.

Another type of provider provisioned VPN architecture that uses PWs isthe Virtual Private Wire Service (VPWS). VPWS is a Layer 2 service thatprovides point-to-point connectivity (e.g., Frame Relay, ATM,point-to-point Ethernet) and can be used to create port-based orVLAN-based Ethernet private lines across a MPLS-enabled IP network.Conceptually, in the context of the VPWS service, a PW can be thought ofas a point-to-point virtual link connecting two customer ACs. After a PWis setup between a pair of PEs, frames received by one PE from an AC areencapsulated and sent over the PW to the remote PE, where native framesare reconstructed and forwarded to the other CE. PEs in the SP networkare typically connected together with a set of tunnels, with each tunnelcarrying multiple PWs. The number of PWs setup for a given customer canvary depending on the number of customer sites and the topology forconnecting these sites.

Similar to Ethernet switches, VPLS-capable PE devices are capable ofdynamically learning the Media Access Control (MAC) addresses (on bothphysical ports and virtual circuits) of the frame packets they replicateand forward across both physical ports and PWs. That is, each PE deviceis capable of learning remote MAC addresses-to-PW associations and alsolearns directly attached MAC addresses on customer facing ports. Toachieve this result, PE devices maintain a Forwarding Information Base(FIB) table for each VPN and forward frames based on MAC addressassociations. Another attribute of an Ethernet network is that frameswith unknown destination MAC addresses are flooded to all ports.

For an Ethernet network to function properly, only one available pathcan exist between any two nodes. To provide path redundancy and preventundesirable loops in the network domain topology caused by multipleavailable paths, Ethernet networks typically employ Spanning TreeProtocol (STP), or some variant of STP, e.g., MSTP or RSTP. (Forpurposes of the present application, STP and its variants aregenerically denoted by the acronym “xSTP”.) Switches in a networkrunning STP gather information about other switches in the networkthrough an exchange of data messages called Bridge Protocol Data Units(BPDUs). BPDUs contain information about the transmitting switch and itsports, including its switch and port Media Access Control (MAC)addresses and priorities. The exchange of BPDU messages results in theelection of a root bridge on the network, and computation of the bestpath from each switch to the root switch. To provide path redundancy,STP defines a tree from the root that spans all of the switches in thenetwork, with certain redundant paths being forced into a standby (i.e.,blocked) state. If a particular network segment becomes unreachable theSTP algorithm reconfigures the tree topology and re-establishes the linkby activating an appropriate standby path. Examples of networks that runSTP are disclosed in U.S. Pat. Nos. 6,519,231, 6,188,694 and 6,304,575.

A particular redundancy problem arises when Ethernet and STP arecombined with pseudowires. Basically, when there are two or morepseudowires connecting different Ethernet access domains thatindependently run STP, broadcast and multicast packets can bereplicated, and packets can be “looped back” across the core networkthrough the pseudowires. The source of this problem is twofold: On onehand, STP is designed to build a path with no loops by disabling (i.e.,blocking) any links which could forward traffic to the same destination.On the other hand, VPLS and Ethernet Relay Service (ERS) applications,which use VLAN tags to multiplex several non-same-destinationpseudowires to a single port, assume that a full mesh of PWs connectingall involved PEs is the most efficient network topology. (Loops aredealt with in VPLS and ERS via a mechanism known as “split-horizon”.)

One possible solution to this problem is to devise a mechanism forrunning STP over pseudowires; however, this approach is considered toounwieldy and difficult to implement. Another proposed architecturalsolution is to utilize only a single PW that connects different Ethernetaccess domains across the core network. The primary drawback of thislatter approach is that it means that it installs a single point offailure in network connections. In other words, if the PW connectionfails or if the associated PE devices in the access networks fail,end-to-end connectivity is defeated.

Thus, there is an unsatisfied need for alternative network architecturesand topologies that overcomes the shortcomings of the prior art.

By way of further background, U.S. Pat. No. 6,073,176 discloses amulti-chassis, multi-link point-to-point protocol (PPP) that uses StackGroup Bidding Protocol (SGBP) to conduct multi-link PPP sessions forlinks that either originate or terminate on different systems.Historically, SGBP has been used for dial-up customer (UNI) facinginterfaces to allow network servers to be stacked together and appear asa single server, so that if one server fails or runs out of resources,another server in the stack can accept calls. For instance, U.S. Pat.No. 6,373,838 teaches a dial-up access stacking architecture (DASA) withSGBP that implements a large multi-link dial port in which multiplecommunication links from one site are established to stack group membersthat operate together as a multi-link bundle.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention will be understood more fully from the detaileddescription that follows and from the accompanying drawings, whichhowever, should not be taken to limit the invention to the specificembodiments shown, but are for explanation and understanding only.

FIG. 1 illustrates one aspect of an exemplary VPLS system with anIP/MPLS core network and separate access network domains in accordancewith one embodiment of the present invention.

FIG. 2 illustrates another aspect of an exemplary VPLS system with anIP/MPLS core network and separate access network domains in accordancewith one embodiment of the present invention.

FIG. 3 is a flow chart diagram showing a method of operation inaccordance with one embodiment of the present invention.

FIG. 4 is a generalized circuit schematic block diagram of a networknode.

DETAILED DESCRIPTION

A network architecture that provides redundant pseudowires betweenEthernet access domains without replicated broadcast and multicastpackets, “loopbacks”, or a single point of failure is described. In thefollowing description specific details are set forth, such as devicetypes, protocols, configurations, etc., in order to provide a thoroughunderstanding of the present invention. However, persons having ordinaryskill in the networking arts will appreciate that these specific detailsmay not be needed to practice the present invention. Practitioners inthe network arts will further appreciate that the architecture of thepresent invention is useful for Ethernet Wire Service (EWS)applications, which emulate point-to-point Ethernet segments, as well asEthernet Relay Service (ERS) applications, which use VLAN tags tomultiplex several non-same-destination pseudowires to a single port.

A computer network is a geographically distributed collection ofinterconnected subnetworks for transporting data between nodes, such asintermediate nodes and end nodes. A local area network (LAN) is anexample of such a subnetwork; a plurality of LANs may be furtherinterconnected by an intermediate network node, such as a router orswitch, to extend the effective “size” of the computer network andincrease the number of communicating nodes. A wide area network (WAN) isa data communications network that spans any distance. Examples of theend nodes may include servers and personal computers. The nodestypically communicate by exchanging discrete frames or packets of dataaccording to predefined protocols. In this context, a protocol consistsof a set of rules defining how the nodes interact with each other.

As shown in FIG. 4, each node 70 typically comprises a number of basicsubsystems including a processor subsystem 71, a main memory 72 and aninput/output (I/O) subsystem 75. Data is transferred between main memory(“system memory”) 72 and processor subsystem 71 over a memory bus 73,and between the processor and I/O subsystems over a system bus 76.Examples of the system bus may include the conventional lightning datatransport (or hyper transport) bus and the conventional peripheralcomponent [computer] interconnect (PCI) bus. Node 70 may also compriseother hardware units/modules 74 coupled to system bus 76 for performingadditional functions. Processor subsystem 71 may comprise one or moreprocessors and a controller device that incorporates a set of functionsincluding a system memory controller, support for one or more systembuses and direct memory access (DMA) engines. In general, thesingle-chip device is designed for general-purpose use and is notoptimized for networking applications.

In a typical networking application, packets are received from a framer,such as an Ethernet media access control (MAC) controller, of the I/Osubsystem attached to the system bus. A DMA engine in the MAC controlleris provided a list of addresses (e.g., in the form of a descriptor ringin a system memory) for buffers it may access in the system memory. Aseach packet is received at the MAC controller, the DMA engine obtainsownership of (“masters”) the system bus to access a next descriptor ringto obtain a next buffer address in the system memory at which it may,e.g., store (“write”) data contained in the packet. The DMA engine mayneed to issue many write operations over the system bus to transfer allof the packet data.

According to one aspect of the present invention, a network topology isprovided in which WAN traffic flows on a single pseudowire between nodes(e.g., PE devices such as routers or switches) associated with differentaccess domains for a specific VLAN. Rather than a full mesh of PWsspanning across the SP core network, only one path across the corenetwork exists per VLAN. In the event of a failure of the PW connection,e.g., one of the PE devices fails, or if the primary WAN router changes,an alternative PW is activated as a redundant path.

In accordance with one embodiment of the present invention, activationof a redundant PW path is achieved by having multiple PE devices in eachaccess domain, with the PE devices being grouped in a stack. A protocolsimilar to SGBP (“SGBP-like”) runs on one or more processors of the PEdevices in each group such that each PE device is aware of which devicein the group operates as a primary or backup connection device for anyparticular link. In the context of the present application, a stackgroup is defined as a collection of two or more nodes or devicesconfigured to operate as a group in an Ethernet access network. Thedevices in the stack group support a single PW connection across a corenetwork to another stack group associated with a different Ethernetaccess network.

FIG. 1 illustrates a basic network topology according to one embodimentof the present invention which includes independent Ethernet accessdomains 20 & 30 connected via a single path across a SP IP/MPLS corenetwork 11. In this example the path across the core is shown by asingle PW 44 that connects core network-facing provider edge (n-PE)devices 24 & 33, which are respectively associated with stack groups 25& 35 of access domains 20 & 30. Each stack group 25 & 35 is shownincluding a second, redundant n-PE device 23 & 33, respectively,although there is no limit on the number of n-PE devices that may beincluded in a stack group. Devices 23 & 24 and 33 & 34 are typicallyedge routers or switches capable of running a protocol to set up PWconnections. The n-PE devices 23 & 24 of access domain 20 are connectedwith a user-facing provider edge (u-PE) device 22, which, in turn,connects with a CE device 21. On the other side of core network 11, n-PEdevices 34 & 35 of access domain 30 are connected with u-PE device 32,which is connected with CE device 31.

The basic idea of the present invention is to allow multiple originatingend n-PE devices of a stack group in an access domain to bid for theright to create a unidirectional Ethernet pseudowire connection acrossthe core network. A similar bidding process allows for a returnpseudowire connection to be created. In other words, a single stackgroup of potentially distributed nodes manages external connectivity.Bidding among nodes occurs independently in each stack group located onopposite sides of the core network, with a single connection path beingestablished across the core between n-PE devices in their respectiveaccess domain. The use of a SGBP-like protocol running in the stackgroups (represented in FIG. 1 by dashed lines 26 and 36) of therespective access domains insures redundancy in the event of aconnection failure, as explained in more detail below.

In the example of FIG. 1, a bidding process within stack group 35results in the selection of n-PE device 33 for sending a connectionrequest out across the core network. The connection request, shown byarrow 41, is received by n-PE device 24 of stack group 25. Device 24responds to the request by initiating a bidding process in stack group25 to determine which n-PE device (i.e., as between devices 23 & 24)should create the tunnel connection across the core. After the biddingprocess in stack group 25 has finished, a response that indicates wherethe tunnel is to be established is sent back to access domain 33. InFIG. 1 this response is illustrated by arrow 42. As a result of thebidding processes in stack groups 25 and 35, a PW connection 44 isestablished between n-PE devices 24 and 33.

Once a connection path has been created across core network 11, theplurality of n-PE devices in each stack group continue to communicatewith each other via “heartbeat” or “hello” messages which communicatethe current state of each device in the group. That is, according to oneaspect of the present invention a dynamic SGBP capability is firstutilized to establish a connection path across the core network; thenthe same SGBP mechanism is utilized to continually monitor traffic andmaintain the PW connection in real-time based on VLAN activity. Forexample, if a particular device in the stack group fails, or it isdetermined that a PW connection should be moved to another n-PE devicefor load-balancing purposes, a backup connection path is dynamicallyestablished through the bidding mechanism, thereby providing redundancyin the SP pseudowire core.

Practitioners in the arts will appreciate that existing SGBP codecreated for dial-up interfaces may be used or modified for selection ofa primary WAN router (i.e., n-PE device) for a VPLS/VSI or VPWSinstance. It should be further understood that in the implementationdescribed above, there is one SGBP-based redundancy state machine pern-PE device. In other words, one SGBP process may handle bids formultiple VPLS or VPWS PWs. Additionally, ordinary practitioners willappreciate that the SGBP bidding mechanism utilized in the presentinvention operates independently of any STP running to prevent loopswithin the access domain. Stated differently, there is no limitationagainst running STP in access domains 20 & 30 of the network topologyshown in FIG. 1.

The bidding process that happens in each stack group—whether it is forinitiating a connection, responding to a connection request, or tore-establish a failed connection—is essentially a negotiation among themultiple n-PE devices in the associated stack group to determine whichdevice has the highest priority for handling a particular establishment.The priority criteria, for example, may include load-balancingconsiderations, the number of links or volume of traffic a particulardevice is currently handling, etc. The bidding could also use existingdata in the n-PE devices, such as which n-PE device is the root for aspanning tree, in order to determine which device should handle a PWconnection.

It is appreciated that a stack group name may be utilized for redundantdevices to bid and load-balance links. The stack group name may beacquired from GARP (Generic Attribute Registration Protocol) VLANRegistration Protocol (GVRP). GVRP is a known application defined in theIEEE 802.1Q standard that allows for the control of 802.1Q VLANs, i.e.,802.1Q-compliant VLAN pruning and dynamic VLAN creation on 802.1Q trunkports. GVRP basically allows a switch to exchange VLAN configurationinformation with other GVRP switches, prune unwanted VLANs and theirassociated broadcast, multicast, and unicast traffic, and dynamicallycreate and manage VLANs on switches connected through 802.1Q trunkports. GVRP In addition, a configured or automatically determined metricfor each member of the stack group may be derived based on a variety ofconsiderations, such as the number of active VPLS instances, which n-PEdevice is the root for a spanning tree, the number of pseudowiresserviced, or the load on a particular physical layer link. In oneembodiment of the present invention, the SGBP running in each stackgroup could utilize GVRP notifications as a mechanism for auto-discoveryof remote access domains (i.e., islands). Stated differently, remoteislands of interest may be discovered and identified via a GVRP process,or some GVRP derivative, instead of by manual configuration.

The VPN for each group of links bundles together may also be identifiedby a VSI that provides cross-domain communication, as defined in theIEEE 802.1ad and 802.1ah specifications.

FIG. 2 illustrates another aspect of an exemplary VPLS system with anIP/MPLS core network and separate Ethernet access network domains inaccordance with one embodiment of the present invention. As previouslystated, the network architecture of the present invention does notrequire a full mesh of PWs to be established between two access domains.Rather, PW connections are only established between those nodes that areactive in a service instance at a particular time.

It is also possible, however, it to establish a full mesh of PWs betweenthe n-PE devices of two different access domain networks, with only onePW being active between the primary n-PE devices. Such an implementationis shown in FIG. 2, wherein PW 51 provides the connection betweenprimary n-PE devices 24 and 34. The end-to-end path across the full SPnetwork, which includes access domains 20 & 30 and IP/MPLS core 11, isdepicted by arrow 60 extending between u-PE devices 22 & 32. Theremaining PWs 52-54 are shown in FIG. 2 as being blocked, whichessentially means that there is no connection path or no PW that isactive between the respective devices. Should the primary WAN routerchange, e.g., due to a failure occur that disables or terminates the PWconnection 51, an alternative PW may be activated as a redundant path.That is, the SGBP mechanism described above dynamically operates toestablish a new tunnel path (or re-establish the failed connectionbetween n-PE devices 24 & 34) across core network 11.

Practitioners in the arts will further appreciate that it is not alwaysnecessary to have a PW connection established across core network 11. Inother words, according to the present invention it is possible toimplement a network in which the PW is created and maintained inreal-time when there is active traffic in a particular VLAN or serviceinstance across SP core 11. Alternatively, a PW connection may beestablished between access domains 20 & 30 and be left “up” regardlessof VLAN traffic. That is, the network may be configured such that asingle PW connection is maintained between provider edge routers foreach service instance irrespective of current VLAN activity.

FIG. 3 is a flowchart diagram that illustrates a method of operation inaccordance with another embodiment of the present invention. In theembodiment of FIG. 3, the process of establishing a connection pathacross the SP core network begins with the selection of a node forhandling the PW connection from the stack group of a first accessdomain, followed by the sending of a connection request message to thestack group of a second access domain (block 61). Receipt of theconnection request causes the stack group of the second access domain toinitiate bidding for the establishment of the PW connection (block 62).After the bidding process ends with the selection of a node in the stackgroup for handling the connection, a response is sent back to the stackgroup of the first access domain (block 63). At this point, a PW“tunnel” for a VPLS instance is created through the SP core network(block 64).

Once a connection path has been established, a state machine running ona processor (or implemented in hardware or firmware) of each n-PE devicein the respective stack groups performs real-time monitoring of thestatus of each device, as well as the PW connection (block 65).Monitoring continues until such time as the connection fails, orload-balancing concerns dictate changing the primary routing device, orsome other consideration, at which time the PW connection isre-established via a potentially different path (block 66).

Although the present invention has been described in conjunction withspecific embodiments, numerous modifications and alterations are wellwithin the scope of the present invention. Accordingly, thespecification and drawings are to be regarded in an illustrative ratherthan a restrictive sense.

1. A computer network comprising: first and second Ethernet accessdomain networks, each of Ethernet access domain networks including: auser-facing provider edge (u-PE) device; a stack group of network-facingprovider edge (n-PE) devices coupled with the u-PE device, the n-PEdevices running a bidding protocol to select one of the n-PE devices asa primary n-PE device for a single pseudowire connection path betweenthe first and second Ethernet access domain networks.
 2. The computernetwork of claim 1 wherein the bidding procotol is further operable tocause the n-PE devices in each stack group to establish a new pseudowireconnection path responsive to a failure in the single pseudowireconnection path.
 3. The computer network of claim 1 wherein the biddingprocotol is further operable to cause the n-PE devices in each stackgroup to dynamically establish a new pseudowire connection pathresponsive to load-balancing considerations.
 4. The computer network ofclaim 1 wherein the bidding procotol runs on a processor associated witheach n-PE device.
 5. The computer network of claim 1 wherein each n-PEdevice comprises a router.
 6. A computer network comprising: first andsecond Ethernet access domain networks, each of Ethernet access domainnetworks including: a user-facing provider edge (u-PE) device; a stackgroup of network-facing provider edge (n-PE) devices coupled with theu-PE device, each n-PE device including at least one processor that runsa bidding protocol to select one of the n-PE devices as a primary n-PEdevice for a single pseudowire connection path between the first andsecond Ethernet access domain networks, the bidding procotol furthercausing the n-PE devices in each stack group to select a redundant n-PEdevice for dynamically establishing a new pseudowire connection pathresponsive to a failure of the single pseudowire connection path or dueto load-balancing considerations.
 7. The computer network of claim 6wherein each n-PE device comprises a router.
 8. The computer network ofclaim 6 wherein the core network comprises a Multi-protocol labelswitching (MPLS) network.
 9. A computer network comprising: first andsecond Ethernet access domain networks, each including: a user-facingprovider edge (u-PE) device; a stack group of network-facing provideredge (n-PE) devices coupled with the u-PE device; and means forselecting one of the n-PE devices as a primary n-PE device for a singlepseudowire connection path between the first and second Ethernet accessdomain networks, and for dynamically selecting a redundant n-PE devicefor a new pseudowire connection path responsive to a failure of thesingle pseudowire connection path.
 10. A computer network comprising:first and second Ethernet access domain networks, each including: auser-facing provider edge (u-PE) device; a stack group of network-facingprovider edge (n-PE) devices coupled with the u-PE device; and means forselecting one of the n-PE devices as a primary n-PE device for a singlepseudowire connection path between the first and second Ethernet accessdomain networks, and for dynamically selecting a redundant n-PE devicefor a new pseudowire connection path to load-balance the n-PE devices ofthe stack group.
 11. An Ethernet access network, comprising: a pluralityof network-facing provider edge (n-PE) devices connected in a stackgroup, and wherein each of the n-PE devices in the stack group includesa processor that runs a stack group bidding protocol (SGBP) to selectone of the n-PE devices as a primary n-PE device for a single pseudowireconnection path to another Ethernet access domain, the SGBP also beingoperable to select a redundant n-PE device for dynamically establishinga new pseudowire connection path responsive to a failure of the singlepseudowire connection path or to load-balance the n-PE devices of thestack group.
 12. The Ethernet access network of claim 11 wherein each ofthe n-PE devices comprises a router.
 13. The Ethernet access network ofclaim 11 further comprising a user-facing provider edge (u-PE) devicecoupled with the stack group.
 14. A processor-implemented method ofoperation for a network-facing provider edge (u-PE) device of a firstEthernet access domain network, comprising: running a stack groupbidding protocol (SGBP) to select a primary n-PE device from among aplurality of n-PE devices in the first Ethernet access domain network,the primary n-PE device having a highest priority connection with asecond Ethernet access domain network; sending a connection request tothe second Ethernet access domain network across a core network;receiving a response from the second Ethernet access domain network; andestablishing a single pseudowire connection path to the second Ethernetaccess domain network across the core network.
 15. Theprocessor-implemented method of operation of claim 14 furthercomprising: running the SGBP to dynamically establish a new pseudowireconnection path to the second Ethernet access domain network across thecore network in response to failure of the single pseudowire connectionpath.
 16. The processor-implemented method of operation of claim 14further comprising: running the SGBP to dynamically establish a newpseudowire connection path to the second Ethernet access domain networkacross the core network to load-balance the plurality of n-PE devices.17. The processor-implemented method of operation of claim 14 whereinthe n-PE devices comprise routers.
 18. A network-facing provider edge(n-PE) device for association in an Ethernet access network, the n-PEdevice comprising: a virtual switch instance (VSI) that provides a Layer2 connection point; and means for selecting a primary n-PE device forestablishing a single Layer 2 connection path between the VSI andanother Ethernet access domain, the primary n-PE device being selectedfrom a logical group consisting of the n-PE device and one or moreadditional n-PE devices in the Ethernet access network, the means alsobeing operable to select a redundant n-PE device for establishing a newLayer 2 connection path in the event of a failure of the single Layer 2connection path or for load-balancing of the logical group.